Support saving configs per user

2024-02-14 11:19:18 +01:00 · 2024-02-14 11:19:18 +01:00 · 1f12d21059
parent 3806fe53b5
commit 1f12d21059
3 changed files with 49 additions and 20 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,13 +1,17 @@
 ---
-# --------------------------------------
-# -- yq version
-# --------------------------------------
+# ---------------------------------------------------------------------
+# If set to true, the role won't install yq and kubeectl
+# ---------------------------------------------------------------------
+use_system_bins: false
+# ---------------------------------------------------------------------
+# yq version
+# ---------------------------------------------------------------------
 yq:
  version: v4.35.2
  binary: yq_linux_amd64
-# --------------------------------------
-# -- kubectl version
-# --------------------------------------
+# ---------------------------------------------------------------------
+# kubectl version
+# ---------------------------------------------------------------------
 kubectl:
  version: v1.26.6
  arch: amd64
@ -15,7 +19,7 @@ kubectl:
 # -- Path to k8s admin config
 # --------------------------------------
 k8s_config_path: /etc/kubernetes/admin.conf
-k8s_cert_path: /etc/kubernetes/pki 
+k8s_cert_path: /etc/kubernetes/pki
 k8s_cert_crt_file: ca.crt
 k8s_cert_key_file: ca.key
 # --------------------------------------
@ -23,7 +27,7 @@ k8s_cert_key_file: ca.key
 # --------------------------------------
 username: "admin"
 # --------------------------------------
-# -- How many days certificate 
+# -- How many days certificate
 # -- will be valid
 # --------------------------------------
 certificate_expires_in: 500
@ -34,7 +38,7 @@ cluster: "microk8s-cluster"
 # --------------------------------------
 # -- RoleBinding parameters
 # --------------------------------------
-# -- Binding type: 
+# -- Binding type:
 # ---- ClusterRoleBinding
 # ---- RoleBinding
 # --------------------------------------
@ -53,13 +57,14 @@ role: cluster-admin
 # --------------------------------------
 # users:
 #   - username: "admin"
+#     host_user: "admin"
 #     cluster: "microk8s-cluster"
 #     certificate_expires_in: 500
 #     binding_type: ClusterRoleBinding
 #     role_type: ClusterRole
 #     role: cluster-admin
 #     k8s_config_path: /etc/kubernetes/admin.conf
-#     k8s_cert_path: /etc/kubernetes/pki 
+#     k8s_cert_path: /etc/kubernetes/pki
 #     k8s_cert_crt_file: ca.crt
 #     k8s_cert_key_file: ca.key
 # --------------------------------------
@ -67,7 +72,7 @@ users: []
 # --------------------------------------
 # -- Use with microk8s
 # --------------------------------------
-# k8s_config_path: /var/snap/microk8s/current/credentials/client.config 
+# k8s_config_path: /var/snap/microk8s/current/credentials/client.config
 # k8s_cert_path: /var/snap/microk8s/current/certs
 # --------------------------------------
 # -- Use with k3s
--- a/tasks/create-user.yaml
+++ b/tasks/create-user.yaml
@ -1,15 +1,38 @@
 ---
 - name: Prepare cert directory
  block:
-    - name: Set workdir as fact
-      set_fact:
-        cert_dir: "{{ working_dir }}/.certs/{{ username }}"
+    - name: Using host_user to bootstrap config
+      when: host_user | length > 0
+      block:
+        - name: Set  workdir with a custom host user as a fact
+          set_fact:
+            cert_dir: "/home/{{ host_user }}/.k8s/certs/{{ username }}"
+            conf_dir: "/home/{{ host_user }}/.kube/{{ username }}"
+            is_host_user: true

-    - name: Create a directory if it does not exist
+    - name: Using user to bootstrap config
+      when: host_user | length == 0
+      block:
+        - name: Set  workdir with a custom host user as a fact
+          set_fact:
+            cert_dir: "/home/{{ username }}/.k8s/certs/"
+            conf_dir: "/home/{{ username }}/.kube"
+            is_host_user: false
+
+    - name: create a directory if it does not exist
      ansible.builtin.file:
        path: "{{ cert_dir }}"
        state: directory
        mode: "0775"
+        owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
+
+    - name: create a directory if it does not exist
+      ansible.builtin.file:
+        path: "{{ conf_dir }}"
+        state: directory
+        mode: "0775"
+        owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
+
 - block:
  - name: Generate openssl certificate
    tags: openssl
@ -81,8 +104,9 @@
      - name: Create config file from template
        template:
          src: config.j2
-          dest: "{{ working_dir }}/{{ username }}.config"
+          dest: "{{ conf_dir }}/config"
          force: false
+          owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
    tags: config

  - name: Bind user to role
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -8,13 +8,15 @@
 # --------------------------------------
 ---
 - name: Ensure required packages are installed
+  when: not use_system_bins
  tags: packages
  block:
-    - name: Create a directory if it does not exist
+    - name: Create a working directory if it doesn't exist
      ansible.builtin.file:
        path: "{{ working_dir }}"
        state: directory
        mode: "0775"
+
    - name: Prepare bin directory
      block:
        - name: Set workdir as fact
@ -27,9 +29,6 @@
            state: directory
            mode: "0775"

-    # --------------------------------------
-    # -- Install yq
-    # --------------------------------------
    - name: Install yq
      block:
        - name: Ensure yq is installed
@ -78,6 +77,7 @@
  vars:
    certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
    username: "{{ item.username }}"
+    host_user: "{{ item.host_user | default('') }}"
    cluster: "{{ item.cluster }}"
    binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
    role_type: "{{ item.role_type | default('ClusterRole') }}"